VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / rubygems-update

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-0903 critical 9.8 9.8 9y ago RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted… suseubuntudebianredhat+1
CVE-2017-0899 critical 9.8 9.8 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque… susedebianredhatruby
CVE-2017-0902 high 8.1 8.1 9y ago RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacke… susedebianredhatubuntu+1
CVE-2019-8324 high 8.0 7y ago Important: ruby:2.5 security update susedebianrockylinuxruby
CVE-2017-0900 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. susedebianredhatruby
CVE-2017-0901 high 7.5 7.5 9y ago RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. susedebianredhatubuntu+1
CVE-2012-2125 medium 5.8 14y ago RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. ubuntudebianrubyredhat
CVE-2015-3900 medium 5.0 11y ago RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… debianredhatruby
CVE-2015-4020 medium 4.3 11y ago RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… debianruby
CVE-2013-4363 medium 4.3 13y ago Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1… debianruby
CVE-2013-4287 medium 4.3 13y ago Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as use… redhatdebianruby
CVE-2012-2126 medium 4.3 14y ago RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack. ubuntudebianrubyredhat
CVE-2018-1000077 unknown 4y ago RubyGems Improper Input Validation vulnerability susedebianrubyjava
CVE-2018-1000078 unknown 4y ago RubyGems Cross-site Scripting vulnerability susedebianrubyjava
CVE-2018-1000079 unknown 4y ago RubyGems Path Traversal vulnerability susedebianrubyjava
CVE-2018-1000076 unknown 4y ago RubyGems Improper Verification of Cryptographic Signature vulnerability susedebianrubyjava
CVE-2018-1000074 unknown 4y ago RubyGems Deserialization of Untrusted Data vulnerability susedebianrubyjava
CVE-2018-1000075 unknown 4y ago RubyGems Infinite Loop vulnerability susedebianrubyjava
CVE-2018-1000073 unknown 4y ago RubyGems Link Following vulnerability susedebianrubyjava